I have an ASA5510 I want to place in my network for firewalling and VPN purposes. It is replacing the Cisco 2821 router using the VPN and firewall modules.
I would like to "hairpin" VPN users and restrict them to a subset of my outside IP addresses; i.e. they connect to the outside port on 64.244.xx.2 /25 (split tunneling is disabled), but to the outside world they then have an outside IP address of 64.244.xx.96-.126.
Is this possible and can I also allow them access into my internal network at the same time?
Or should I set up separate VPN groups: one that gets internal access and an internal IP or 192.168.252.0 /24, and one that is hairpinned out to the Internet using routable IPs?
What is the best way to do this? I have been going through every option under the ASDM, but to no avail. I can provide my current config if needed.